What you need to know about Information Governance

The phrase "Information Governance" is a lot like "Knowledge Management" - the definition is different depending on the person attempting the definition!

The answer to the question “What is Information Governance” will likely be different depending on who is asked the question.

A corporate records manager or archivist will like tell you that information governance is just a new term for records management. However, ask your legal team and they will talk about being prepared for the onerous task of eDiscovery. If you ask your IT manager then you will be told that file analysis and legacy clean-up of shared drives is information governance.

There is also a world of difference between Data Governance and Information Governance.

The former is typically an IT owned responsibility relating to information storage and movement, while Information Governance (IG) on the other hand is typically a business or compliance/legal driven approach to managing and controlling how all enterprise content is used, retained and destroyed.

It is defined by Gartner as “the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization’s immediate and future regulatory, legal, risk, environmental and operational requirements”.

On a much more practical level, the Information Governance Initiative (IGI) defines IG as “the activities and technologies that organizations employ to maximize the value of their information while minimizing associated risks and costs.”

“Information governance is a fast-growing priority for most organisations around the globe,” commented Sean Pike, program director, Next-Generation Data Security and eDiscovery & Information Governance, IDC.

Given the importance of information to business success, you would expect employees to take every possible step to manage information securely. Yet, in a recent survey commissioned by Iron Mountain, over half (57%) of the CxOs questioned admitted to having left business-sensitive or confidential information on the printer for all to see, with over a third (39%) admitting to having lost it in a public place. This admission reveals just how easy it could be for information to get into the wrong hands.

Despite understanding the value of the information their business holds, when it comes to safeguarding the information, business leaders often fail to follow the processes and policies designed to keep it secure.

Many organisations have implemented a centralised EDRMS as a move towards better information governance, however the challenge exists to avoid making information management processes too complex for everyday users who will then choose to bypass them.

According to the same Iron Mountain survey, company bosses, more than employees in any other roles, found procedures for information filing (16%) and document retention (15%) to be overly complex and chose to avoid them where possible.

Australia is lagging the US in its approach to information governance, placing enterprises and individuals at risk, according to Susan Bennett, co-founder of Information Governance ANZ, a new think tank that aims to lift the profile of information governance and spur enterprises into action.

Ms Bennett is a lawyer with international experience in information governance for strategic information risk management, privacy frameworks and responses to data breaches, including regulatory responses.

“Sprawling data collections are exposing businesses to enormous risk and cost if they are subject to a cyber-attack or caught up in litigation or regulatory action, and information governance ensures that these risks and costs are minimised,” said Bennett.

Ms Bennett added that effective information governance required top-down commitment and an understanding by senior executives and the board, of the risks associated with having no proper strategy in place.

Ms Bennett is a lawyer with international experience in information governance for strategic information risk management, privacy frameworks and responses to data breaches, including regulatory responses.

“Sprawling data collections are exposing businesses to enormous risk and cost if they are subject to a cyber-attack or caught up in litigation or regulatory action, and information governance ensures that these risks and costs are minimised,” said Bennett.

Ms Bennett added that effective information governance required top-down commitment and an understanding by senior executives and the board, of the risks associated with having no proper strategy in place.

Ram Kumar, Director of Enterprise Information Management at IAG, the multinational insurance company headquartered in Sydney, believes applying traditional data governance practices can be a challenge in today’s fast paced, high volume and volatile data environment as it could curb speed to market with new innovative products.

“How you get the right balance in terms of innovation and speed to market while providing controls through data governance is now a hot and interesting topic.”

“Data is a core strategic asset of any organisation and should be governed like any other asset over the full lifecycle, from collection through to categorisation, storage, use and retention/destruction. Governance also includes management of privacy, security, data quality, master data and metadata management, and must be assessed over its full lifetime rather than in a bits and pieces fashion.”

This view that technology alone will never be enough to manage the challenge of information governance was reiterated recently by the National Archives of Australia, which is calling for Commonwealth agencies to establish a chief information governance officer (CIGO) role to bring people, technology and processes together.’

The target date for agencies to implement the role is 31 December 2017.

Dennis Layton is an Enterprise Data Architect, based in Canada with over 35 years of IT experience. He is an advocate for a more agile and adaptive approach to data management.

To meet this need, he believes data governance itself must evolve, moving away from the idea that only data deemed as a single version of truth can be used for informational purposes. It must become more agile as a practice adapting at the pace of change that exists today in IT. “Today the governance of data can no longer driven solely by the idea of a single version of truth. Data needs to be evaluated based on different levels of trust, privacy, timeliness, confidentiality and so on, so that a profile that can be developed and associated with each data set. This profile indicates the inherent level of risk and value to using this data.

“Data governance and the practice of data management needs to keep pace with the rate of a change in new sources of data. When data was solely sourced from corporate systems of record, the structure of that data was well defined and relatively static once in production. Changing the structure of a customer record for example required careful consideration because of its impact on a myriad and growing number of corporate systems that relied upon it.

“While this remains true of corporate systems of record, the structure of data from shadow IT systems, and external data sources such as social media are much more likely to change and grow over time. The practice of data management needs to become as agile, as the development of new systems has become.”